Vulnerability Description
The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allow remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Cinder | <= 2014.1.2 |
References
- http://rhn.redhat.com/errata/RHSA-2014-1787.html
- http://rhn.redhat.com/errata/RHSA-2014-1788.html
- http://seclists.org/oss-sec/2014/q4/78
- http://www.securityfocus.com/bid/70221
- http://www.ubuntu.com/usn/USN-2405-1
- https://bugs.launchpad.net/cinder/+bug/1350504
FAQ
What is CVE-2014-3641?
CVE-2014-3641 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allow remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume wi...
How severe is CVE-2014-3641?
CVE-2014-3641 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-3641?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Cinder.